[clamav-users] fake mp3, real malware.
Arnaud Jacques / SecuriteInfo.com
webmaster at securiteinfo.com
Sat Jun 4 14:21:26 UTC 2016
Hello Clamav,
A new malware is an ascii text begining by "ID3 = ".
Clamav see it as an MP3 file :
clamscan --debug SecuriteInfo.com.JS.Downloader.Agent.15736.18211.371
(...)
LibClamAV debug: Recognized MP3 file
(...)
clamscan -V
ClamAV 0.99.2/21668/Sat Jun 4 11:35:05 2016
The problem is this ascii malware cannot be normalised, but it should be.
The sample has been sent to http://www.clamav.net/reports/malware
md5sum of malware sent is : 023bff926f5852ba0e58a72c10e77f2a
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
More information about the clamav-users
mailing list